This are not nescessarily attackers. I guess you use mod_evasive? In this case, it might be that your mod_evasive settings are just too strict e.g. for sites that use ajax and that thes erae false positives.

You should delete these files or move them to a backup dir and then set the mod_eavsive settings to be less strict and chek in the next days if so many files return.

mod_evasive is already blocking the requests listed there and it takes also care about unblocking them after some time, so there is no need to block them separately.